From: Andi <andi@geekosphere.org>
Date: Thu, 31 Dec 2015 21:12:42 +0000 (+0100)
Subject: doc: Add ssl_state doc
X-Git-Tag: suricata-3.2beta1~236
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07dac046d9578c0664ce6b8ea019e1a382dd570f;p=thirdparty%2Fsuricata.git

doc: Add ssl_state doc

See https://redmine.openinfosecfoundation.org/issues/589
---

diff --git a/doc/sphinx/rules/tls-keywords.rst b/doc/sphinx/rules/tls-keywords.rst
index 5e891a68f6..5ff137de43 100644
--- a/doc/sphinx/rules/tls-keywords.rst
+++ b/doc/sphinx/rules/tls-keywords.rst
@@ -1,4 +1,4 @@
-TLS Keywords
+SSL/TLS Keywords
 ============
 
 Suricata comes with several rule keywords to match on various properties of TLS/SSL handshake. Matches are string inclusion matches.
@@ -68,3 +68,12 @@ tls.store
 store TLS/SSL certificate on disk
 
 Support added in Suricata version 1.4.
+
+ssl_state
+---------
+
+The ``ssl_state`` keyword matches the state of the SSL connection. The possible states
+are ``client_hello``, ``server_hello``, ``client_keyx``, ``server_keyx`` and ``unknown``.
+You can specify several states with ``|`` (OR) to check for any of the specified states.
+
+Negation support is not available yet, see https://redmine.openinfosecfoundation.org/issues/1231